Friday, March 18, 2005

The much-anticipated report of the President's Information Technology Advisory Committee has been released.

"Dear Mr. President:
We submit to you the enclosed report entitled Cyber Security: A Crisis of Prioritization. For nearly a year, the President’s Information Technology Advisory Committee (PITAC) has studied the security of the information technology (IT) infrastructure of the United States, which is essential to national and homeland security as well as everyday life.
The IT infrastructure is highly vulnerable to premeditated attacks with potentially catastrophic effects. Thus, it is a prime target for cyber terrorism as well as criminal acts. The IT infrastructure encompasses not only the best-known uses of the public Internet – e-commerce, communication, and Web services – but also the less visible systems and connections of the Nation’s critical infrastructures such as power grids, air traffic control systems, financial systems, and military and intelligence systems. The growing dependence of these critical infrastructures on the IT infrastructure means that the former cannot be secure if the latter is not.
Although current technical approaches address some of our immediate needs, they do not provide adequate computer and network security. Fundamentally different architectures and technologies are needed so that the IT infrastructure as a whole can become secure.
Historically, the Federal government has played a vital, irreplaceable role in providing support for fundamental, long-term IT R&D, generating technologies that gave rise to the multibillion-dollar IT industry. The PITAC’s review of current Federally supported R&D in cyber security finds an imbalance, however, in the current cyber security R&D portfolio: most support is for short-term, defense-oriented research; there is relatively little support for fundamental research to address the larger security vulnerabilities of the civilian IT infrastructure, which supports defense systems as well. Therefore, PITAC urges changes in the Federal government’s cyber security R&D portfolio..." [emphasis mine]